Trouble With Trojans

by Nikola Strahija on December 6th, 2002

A security crisis is starting to emerge in the world of computing. The year 2002 will prove to be the worst year yet for hacking. The following year will probably be worse. The number of breaches of computer security and the money lost have been escalating rapidly ever since the Internet was born.

If you characterise computer security as a battle between the forces of good and the forces of evil, then at the moment you have to conclude that the bad guys are winning. Here's why:

It all has to do with Trojans. A Trojan is a program that is put onto a computer by a hacker to allow him to do various nefarious things, like record all your keyboard activity so he can know all your passwords or take a screen shot of what is showing on your screen.

When a hacker breaks into a computer he copies his toolbox - his collection of Trojans - onto your machine and gets to work. What the hacker will usually do is to try to make his activity invisible, so that even if you know a little about how the computer works you will neither be able to see his programs nor any traces of what he may have done.

So where does the hacker get his Trojan toolbox from? He may write the tools himself, but Trojans are also freely available for download over the Internet. They can be found in a variety of places - the places where hackers tend to gather. Surprisingly, some Trojans are very well written, with a well-designed user interface, and look like a standard Windows application until you look at what they can do.

Anyone can become a hacker. There are web sites that provide free advice on what to do and how to do it. Naturally there is no shortage of recruits to the hacking community. So the hacker community is growing fast and now includes people from just about everywhere on the planet.

This on its own makes catching hackers quite difficult. What does a company do if it discovers that data has been stolen by someone using a computer somewhere in the Ukraine?

All of this should be worrying, but the latest hacker trick is far more worrying. The trick is to distribute a computer virus which opens up a way in to the computers it infects. Such viruses began to appear a couple of years ago. Since then they have simply got more sophisticated. To give you an idea here is a brief review of the capabilities of the BugBear virus, perhaps the most worrying yet to appear.

First of all, BugBear is highly infectious. It uses just about every infection trick that any virus has ever used, including email, attaching to programs and other files, and worming its way over a network. Its use of email is a wonder to behold. It looks for email address books and sends out emails to every name it can find. However, it spoofs each of the emails it sends, making them look as though they came from somewhere else. Thus, if BugBear infects John Doe's computer, it sends out emails as though they came from Jim Smith (or some other name it finds in an email address book). In this way it hides the identity of the machine that it has infected. It also composes the emails randomly, varying the Title from a long list of titles that might tempt the receiver to open the email (for example, Please Help…, SCAM alert!!!, bad news, Membership and many others).

It has a definite dislike of security software. It holds a list of 106 security programs that it will shut down if it can. These programs are either antivirus or firewall programs and include virtually all the major security programs used on Windows PCs. However, it tries to hide the fact that it has done this. It randomly chooses file names for the files it adds to a computer, sometimes spoofing genuine files. In fact, BugBear does everything it can to hide the fact that it has infected a computer.

Home PC users that get infected with BugBear may remain completely unaware of it.

On top of this, and most worrying of all, BugBear installs a backdoor into all computers that it infects, so that hackers can get in, and to cap it all, it installs a keylogger program - a Trojan that records all keyboard usage. In other words, BugBear prepares your computer for a hacker to come in and read the details of anything that may be keyed in - including, perhaps, passwords to your systems at work, passwords to your Internet bank account, and passwords to Amazon or any other e-retail service that you use.

And it doesn't open up the computer just to the hacker that invented the BugBear virus, but to any hacker out there that is aware of how the BugBear backdoor works. That means pretty much all hackers.

So the commercial nightmare is this:

Internet businesses and particularly Internet banks may suddenly discover that their customers are unable to use their services safely.

It is impossible to know for sure how many computers are infected by Trojans or have had back doors put in them by some of the recent viruses (Nimda, Klez, BugBear and others) that open them up to risk. Some estimates of this have been done by monitoring Internet traffic and the number runs into millions. Some estimate that it may be as high as 5 percent of all PCs connected to the Internet - which would be about 30 million across the world.

Digital crime is rising and the casual PC user is outgunned and hopelessly vulnerable. Most home PCs don't even have antivirus software installed, and even if they do, most antivirus software only protects against yesterday's viruses.